Like the title says. I'm almost finished with the essential UDP base, and noticed this command. Is it commonly used (i.e., should I rewrite my UDP thread to handle it, or is it a novelty, one-off kind of thing?)
~
How many people actually use ENCRYPT?
Moderator: AniDB
-
- Posts: 38
- Joined: Fri Jun 01, 2007 11:02 am
-
- AniDB Staff
- Posts: 379
- Joined: Sun Nov 07, 2004 11:05 am
-
- Posts: 38
- Joined: Fri Jun 01, 2007 11:02 am
unless I get it wrong..... the most important, which is the login message is not encrypted, right? basically, people don't have to hijack our other data. it just need our username + password, log in as a user and do whatever they want with our accounts!!!!
I kinda agree with epox that it is not really useful by itself at this point.
I kinda agree with epox that it is not really useful by itself at this point.
Huh?sphere wrote:unless I get it wrong..... the most important, which is the login message is not encrypted, right? basically, people don't have to hijack our other data. it just need our username + password, log in as a user and do whatever they want with our accounts!!!!
I kinda agree with epox that it is not really useful by itself at this point.
Of course the login data is encrypted.
If you use encryption for an UDP API "connection", the only thing which is transmitted in plain text is:
Code: Select all
> ENCRYPT user=someuser&type=1
< 209 df38djSjf3 ENCRYPTION ENABLED
Your username will be visible though. However, if you've set your privacy options on AniDB acordingly there is hardly anything that can be done, if an adversary only knows your username.
The current implementation has some weaknesses though, which is why I've proposed some modifications.
http://wiki.anidb.net/w/UDP_API_DEV#ENC ... pt_Command
BYe!
EXP